These instructions are provided as a guide for users utilizing FreeRADIUS v2.1.10, specifically performed on Zentyal Linux 3.3. Other FreeRADIUS installations may benefit from these instructions but have not been specifically tested.

Resolution

Step 1: Creating users

Go to the office tab on the left hand pane->User and Computers->Manage. Add the users here:

(setting the users passwords here means that you do not have to declare the passwords in the users file)

Step 2: Adding the RADIUS client

Go to Gateway->RADIUS Under General Configuration you need to add the RADIUS client (the IP/device you want to use RADIUS Authentication on).

Give your Client a name and enter in the IP address of the device you wish to add. You also add the Shared Secret password in this section. Click on Add to finish adding the RADIUS client. Your RADIUS client is added to the list of RADIUS Clients now.

Step 3: Adding your RADIUS Server to your APC device

Log into the interface of your APC Network Management Card enabled device. In this example, we will do the configuration via the web interface. It can also be completed via telnet or SSH depending on your model and firmware version.

v3.X.X, v5.X.X firmware: Go to the Administration tab->Security->RADIUS->and modify one of the default server configurations.

v6.X.X firmware: Go to the Configuration->Security->Remote Users->RADIUS and modify one of the default server configurations.

Enter in the details of the RADIUS Server and the username/password and check the credentials (the username you test here is one that you added to your user section in Step 1). By default, the user will have read-only access.

(Example below from v3.X.X or v5.X.X firmware, v6.X.X interface will look similar but is green and white)

Once the RADIUS server is added correctly you will see the following:

Step 4: SSH into your FreeRADIUS server

When you SSH into your FreeRADIUS server, check the clients.conf file to make sure your devices are listed there. The location of the clients.conf file is under /etc/freeradius. You can see the Shared Secret password in this file for the particular device you added as a RADIUS Client.

Check the contents of the dictionary.apc file under /usr/share.dictionary.apc.

Step 5: Modifying your Users file for specify users

Navigate to /etc/freeradius. Type nano users on the command prompt. (This command will allow you to edit the file).

The below example screenshot of the users file indicates that userA has Administrator access. User apc has device access. All other users not defined in this file have read only access.

Once you have edited the file, restart the FreeRADIUS service to make sure the syntax is correct. To restart the service, enter the following command:

It will show the following if no errors exist:

Once all the above steps have been performed, log into one of the devices you added as a RADIUS client and test to verify it is authenticating properly.